The personal data of thousands of Ledger users has been published on RaidForums, a marketplace for sharing hacked information, the firm said on Twitter on 20 December.
In a thread of tweets, the firm explained that “early signs” pointed to this data being from Ledger’s June data breach. At the time, the firm claimed that around 1 million email addresses were leaked, alongside the personal information of 9,500 of its customers. The firm commented:
“We were aware of this data breach, alerted the authorities, our users, and have been fighting downstream attacks ever since.”
Yesterday’s data dump, however, showed that the leak was likely far greater, with the co-founder and CTO of security firm Hundson Rock, Alon Gal, claiming the database contained the personal information of more than 270,000 Ledger buyers. He Tweeted:
While the data breach does not pose a direct danger to the crypto holdings of Ledger users, it leaves them open to phishing attempts sent to their email or phone numbers. Ledger assured its customers that it has been doing “everything possible” to make its wallets stronger since the accident. The firm has also been working with law enforcement agencies to prosecute the malicious actors involved in such scams, and has so far taken down “more than 170 phishing websites since the original breach”.